Commit 0441a2c6 authored by Mikhail Piatliou (EPAM)'s avatar Mikhail Piatliou (EPAM)

GONRG-3380: added tf for crs-catalog

parent f0a6416f
Pipeline #67672 passed with stage
in 1 minute and 22 seconds
locals {
crs_catalog_name = "crs-catalog"
crs_catalog_image = "community.opengroup.org:5555/osdu/platform/system/reference/crs-catalog-service/osdu-gcp:latest"
crs_catalog_roles_name = [
"roles/datastore.viewer",
"roles/iam.serviceAccountTokenCreator",
]
}
resource "google_service_account" "crs_catalog_sa" {
# GCP service account ids must be < 30 chars matching regex ^[a-z](?:[-a-z0-9]{4,28}[a-z0-9])$
# KSA does not have this naming restriction.
depends_on = [google_container_node_pool.cluster_node_pool]
account_id = "workload-${local.crs_catalog_name}-sa"
display_name = substr("GCP SA bound to K8S SA ${local.crs_catalog_name}", 0, 100)
project = var.service_google_project
}
resource "kubernetes_service_account" "crs_catalog_k8s" {
depends_on = [google_container_node_pool.cluster_node_pool, google_service_account.crs_catalog_sa]
metadata {
name = "gke-${local.crs_catalog_name}-sa"
namespace = "default"
annotations = {
"iam.gke.io/gcp-service-account" = google_service_account.crs_catalog_sa.email
}
}
}
resource "google_project_iam_member" "iam_member_crs_catalog" {
depends_on = [google_container_node_pool.cluster_node_pool, google_service_account.crs_catalog_sa]
for_each = toset(local.crs_catalog_roles_name)
project = var.service_google_project
role = each.value
member = "serviceAccount:${google_service_account.crs_catalog_sa.email}"
}
resource "google_service_account_iam_member" "crs_catalog_k8s" {
depends_on = [kubernetes_service_account.crs_catalog_k8s]
service_account_id = google_service_account.crs_catalog_sa.name
role = "roles/iam.workloadIdentityUser"
member = "serviceAccount:${var.service_google_project}.svc.id.goog[default/${kubernetes_service_account.crs_catalog_k8s.metadata[0].name}]"
}
# Apply configmap from helm chart
resource "helm_release" "crs_catalog_config" {
depends_on = [
google_container_node_pool.cluster_node_pool,
]
name = "crs-catalog-configmap"
repository = "https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
chart = "gcp-crs-catalog-configmap"
namespace = "default"
recreate_pods = true
set {
name = "data.log_level"
value = var.log_level
}
set {
name = "data.project_id"
value = var.service_google_project
}
set {
name = "data.entitlement_url"
value = "http://${local.ent_name}.default.svc.cluster.local/api/entitlements/v2"
}
set {
name = "data.crs_catalog_host_name"
value = "${local.crs_catalog_name}.default.svc.cluster.local"
}
set {
name = "data.audiences"
value = var.audiences
}
set {
name = "data.partition_api"
value = "http://${local.partition_name}.default.svc.cluster.local/api/partition/v1/"
}
set {
name = "data.google_audiences"
value = var.audiences
}
set {
name = "conf.app_name"
value = local.crs_catalog_name
}
}
# Apply deploy from helm chart
resource "helm_release" "crs_catalog_deploy" {
depends_on = [
kubernetes_job.ent-bootstrap-job,
helm_release.crs_catalog_config,
]
name = "crs-catalog-deploy"
repository = "https://community.opengroup.org/osdu/platform/system/reference/crs-catalog-service/-/jobs/artifacts/gcp-helm-release-0-1/raw/helm-charts/?job=osdu-gcp-helm-charts"
chart = "gcp-crs-catalog-deploy"
namespace = "default"
recreate_pods = true
set {
name = "data.image"
value = local.crs_catalog_image
}
set {
name = "data.serviceAccountName"
value = kubernetes_service_account.crs_catalog_k8s.metadata[0].name
}
set {
name = "conf.app_name"
value = local.crs_catalog_name
}
}
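Review bot: `roles/iam.serviceAccountTokenCreator` in `crs_catalog_roles_name` is granted through `google_project_iam_member`, so the crs-catalog workload identity can mint tokens for, and sign as, every service account in `var.service_google_project`, not only itself. If the service only needs to sign or create tokens as its own account (not visible from this file), drop the role from the project-level list and bind it on `google_service_account.crs_catalog_sa` alone, as sketched below. Separately, `crs_catalog_image` uses the mutable `:latest` tag and neither `helm_release` sets `version`, so what gets deployed can change without any change to this file; pinning the image by digest and the chart by version would keep rollouts reproducible and reviewable.

```hcl
locals {
  # … unchanged: crs_catalog_name, crs_catalog_image …
  crs_catalog_roles_name = [
    "roles/datastore.viewer",
  ]
}

# Token creation scoped to the workload's own service account only.
resource "google_service_account_iam_member" "crs_catalog_token_creator" {
  service_account_id = google_service_account.crs_catalog_sa.name
  role               = "roles/iam.serviceAccountTokenCreator"
  member             = "serviceAccount:${google_service_account.crs_catalog_sa.email}"
}
```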